客户端:http://localhost:8080/spring-oauth-client/index.jsp
服务端:http://localhost:8080/spring-oauth-server/index.jsp
access_token=942090fc-1aa0-4444-8127-57214680df3b
验证业务:http://localhost:8080/spring-oauth-server/m/dashboard?access_token=942090fc-1aa0-4444-8127-57214680df3b
一、客户端环境搭建
1、客户端工程导入和配置
2、客户端工程发布和访问
del /q D:\tools\Tomcat8.0\webapps\spring-oauth-client.war
del /q D:\tools\Tomcat8.0\webapps\spring-oauth-client
copy D:\workspace_SpringMybatis\spring-oauth-client\target\spring-oauth-client.war D:\tools\Tomcat8.0\webapps\spring-oauth-client.war
http://localhost:8080/spring-oauth-client/index.jsp
二、服务端环境搭建
1、本机数据库安装
2、服务端工程导入和配置
3、服务端发布和访问
del /q D:\tools\Tomcat8.0\webapps\spring-oauth-server.war
del /q D:\tools\Tomcat8.0\webapps\spring-oauth-server
copy D:\workspace_SpringMybatis\spring-oauth-server\target\spring-oauth-server.war D:\tools\Tomcat8.0\webapps\spring-oauth-server.war
http://localhost:8080/spring-oauth-server/index.jsp
三、客户端和服务端联调
1、访问客户端
http://localhost:8080/spring-oauth-client/index.jsp
2、使用password模式申请access_token
得到access_token
3、找到目标业务和访问形式
在服务端找到业务链接:http://localhost:8080/spring-oauth-server/m/dashboard?access_token=i_am_testing_access_token
注意请求受保护的资源时传递 Access Token 有两种方式
- 方式一在URL参数中添加
access_token,即请求参数:<access_token,your_access_token>
- 方式二在请求的Header中添加 Authorization, 其值为 beareryour_access_token, 即请求头:<Authorization, beareryour_access_token>
4、携带access_token访问业务
请求参数方式:
http://localhost:8080/spring-oauth-server/m/dashboard?access_token=942090fc-1aa0-4444-8127-57214680df3b
请求头方式:
请求头:Authorization=bearer942090fc-1aa0-4444-8127-57214680df3b
http://localhost:8080/spring-oauth-server/m/dashboard
返回业务结果如下:
四、访问非授权url或token失效的情况
1、携带有效access_token
http://localhost:8080/spring-oauth-server/m/dashboard?access_token=8fc3782b-5e24-4816-80e6-879cb4d3f1cd
2、携带失效access_token
http://localhost:8080/spring-oauth-server/m/dashboard?access_token=942090fc-1aa0-4444-8127-57214680df3b
3、不携带access_token
http://localhost:8080/spring-oauth-server/m/dashboard